Microsoft enhances SDL

02 February 2010

Microsoft announced three enhancements to its secure development lifecycle (SDL) initiative at the BlackHat DC conference this week.

Microsoft has developed a white paper explaining how to implement the SDL in a simpler way. Many developers avoid secure development practices because they think it will cost too much and require huge resources, Microsoft said. They also put off adopting Microsoft’s SDL because they believe it is exclusively for the Microsoft platform. The simplified implementation white paper explains how to implement the SDL on other platforms and with limited resources.

Microsoft also released the beta version of its Solutions Framework for Agile Software Development plus Security Development Lifecycle (MSF Agile + SDL) Process Template for Visual Studio Team System (VSTS) 2008. The beta is scheduled for full release at the end of the second quarter.

The template analyzes code checked into Visual Studio to make sure that it complies with SDL best practice. It also tracks workflow for manual SDL processes, such as threat modeling, Microsoft said.

The MSF Agile + SDL process template for Visual Studio 2010 will also be released shortly after Microsoft releases Visual Studio 2010 (currently scheduled for April 2010).

The company has created a new Tools category of membership that will complement the existing Consulting and Training membership categories. Tools members are companies that are able to deploy a range of security tools within the SDL.

In addition, seven new members are joining the network. Fortify, Veracode, and Codenomicon are now tools members. Booz-Allen Hamilton, Casaba Security and Consult2Comply are consulting members, while Safelight Security Advisors joined as a training member.
